October 2, 2018

This approach worked when the data was stored inside our own network. We held the keys to the door and our business applications and data didn’t need to leave our own environment.

To innovate and grow, many businesses need to leverage third party applications and services to interact with business partners and consumers. This means letting the walls down.

The new normal: Welcome to The Cloud

Our data now lives in different locations throughout its lifecycle; hybrid and multicloud deployment models are the new norm. Whether data is within our own enterprise storage arrays, in the public cloud, or sometimes both, you are still responsible for its security, protection and governance.

The Cloud means we can no longer operate by simply fencing ourselves off from the outside world; we can’t rely on a traditional firewall to protect our empire and traditional anti-virus (AV) to catch any nasties that manage to sneak in.

Double protection: Data protection in the hybrid era

We need what we at Diversus Group call ‘double protection’.

There are 2 key elements to double protection:

Data Availability: Multiple backup copies (regardless of where the data is located – in your own datacentre, the Cloud or both) with redundancy built in to the systems and platforms hosting the data.

The ‘always on’ digitised business model demands more and more from less. Backup in the hybrid world presents new challenges:

traditional tape-based back up is generally no longer workable for a hybrid cloud

your backup window is shrinking – you may not be able to back up all of your data in the timeframe allocated by your business

you may not be able to restore your data or a subset if it may be compromised.

We can’t create more time, so we need a new approach to data protection and backup.

Disk-based back up using a smart data storage operating system is now fundamental to data protection in the hybrid cloud. The OS must seamlessly manage and move data between your on-site environment and multiple clouds.

Backup and recovery are crucial to your business continuity and crisis management plans. Your plans should be frequently tested – getting a call to say the office is on fire isn’t the time to test your recovery capabilities.

Nobody thought Fukushima’s nuclear reactors would melt down as the result of a tsunami.

Nobody thought terrorists would use airliners as missiles and fly into The Twin Towers.

Nobody thought the main arterial highway and rail corridor in NZ’s South Island would be destroyed by an earthquake.

The takeaway is that disaster can strike at any time and we need to be prepared.

Cyber attacks: Don’t be the cheese

With the new technology that is available today, many companies are losing control of what their users can do and the data they can access, which results in many business environments having more holes in them than Swiss cheese. That’s why bad guys can exploit them. Technology is moving fast, and soon anything with a circuit board will be network connected. This means opportunity, and risk. We have a new responsibility to address these threat vectors and disrupt the cyber-attack lifecycle.

Data moving freely between clouds and multiple end points means we need to be constantly vigilant to threats. As it becomes harder and harder to differentiate between physical and cyber space, our data is massively aggregated and computer power will soon become almost limitless.

We need technology to deliver security, but security is about more than just technology. Security should be woven throughout your organisation.

If you are relying on a reactive, manual approach to combat a highly automated adversary, you are at risk. Its’ about the maths – you need a proactive, automated response. The costs of launching a cyber attack is decreasing, we need to fight fire with fire and dramatically increase the cost of a successful attack.

Data breaches: Best and worst case scenarios

Risks of data loss or breach manifest themselves differently – but end results are usually the same:

the best case scenario? Nobody notices (mandatory reporting makes it hard to hide)

a small breach, outage or data loss? Your organisation may suffer damage to their reputation, you may lose some customers and be unable to trade for a short period while you (hopefully) restore operations but the business will survive. As the custodian of the data you will experience damage to your personal reputation and brand

the worst case scenario? Your organisation suffers a large outage, loss or breach. The business is unable to trade for a prolonged period and goes out of business.

Do you want to take the risk?

TALK TO DIVERSUS TODAY ABOUT DOUBLE PROTECTION

We have been deploying enterprise data management solutions for over a decade with market leaders such as NetApp and Palo Alto Networks. NetApp have developed a ‘data fabric’ to seamlessly move and protect data in the hybrid / multicloud paradigm. While Palo Alto Networks focus on automated threat prevention across the network, cloud and endpoint to guard against cyber threats at all stages of the attack lifecycle.

As a CEO, I make risk-based decisions daily. With risk comes reward. If organisations don’t take calculated risks, they’re likely to get into trouble.

We can’t stop taking risks. We can’t eradicate all threats. But we can mitigate them by identifying likely scenarios, assessing risks and planning cost-effective security and data availability strategies.